<?php
/* FILE: process_edit_collection.php
 * DESCRIPTION: Process called when a user presses the Submit Changes button in new_collection.php
 * POST DATA: rating, description, attribute data, attribute types
 * GET DATA: cname (collection name)
 */ 
 
// Inialize session
session_start();

// Include database connection settings
include('config.inc');

// Include functions
include('includes/functions.php');

//Get the collection name from the URL
$collectionName = (string)$_GET['cname'];

//Make sure user owns the collection
if(getUID($collectionName) ==  $_SESSION['user_name'])
{
	//Get the new attributes of the collection
	for($n=0;  $n < 10; $n++)
	{
		$new = $_POST['attr'.($n+1)];
		$newAttributes[$n] = trim((string)$new);
		$newAttTypes[$n] = findType($_POST['type'.($n+1)]);
	}
	if(($result = checkValidCollection($collectionName, $newAttributes, false)) == 1)
	{
		//Get the previous rating of the collection
		$oldRating = getRating($collectionName);
		//Get the current rating of the collection
		switch((string)$_POST['rating'])
		{
			case 	'one': 	$newRating = 1; break;
			case 	'two': 	$newRating = 2; break;
			case 	'thr': 	$newRating = 3; break;
			case 	'four': $newRating = 4; break;
			case 	'five': $newRating = 5; break;
			default: 		$newRating = 0; break;
		}
		//Check to see if ratings match, if not, UPDATE
		if($oldRating != $newRating)
		{
			$updateQuery = 
				"UPDATE collection "
				. "SET collection_rating = '"
				. mysql_real_escape_string($newRating)
				. "' WHERE collection_name = '"
				. mysql_real_escape_string($collectionName)
				. "' AND collection_rating = '"
				. mysql_real_escape_string($oldRating)
				. "' AND collection_user_id = '"
				. mysql_real_escape_string($_SESSION['user_name'])
				. "';";
			if(!$success = mysql_query($updateQuery))
				die("Unable to update collection rating: " . $updateQuery);
		}

		//Get the previous description of the collection
		$oldDescription = getDescription($collectionName);
		//Get the current description of the collection
		$newDescription = (string)$_POST['col_desc'];
		//Check to see if the descriptions match, if not, UPDATE
		if($oldDescription != $newDescription)
		{
			$updateQuery = 
				"UPDATE collection "
				. "SET collection_desc = '"
				. mysql_real_escape_string($newDescription)
				. "' WHERE collection_name = '"
				. mysql_real_escape_string($collectionName)
				. "' AND collection_desc = '"
				. mysql_real_escape_string($oldDescription)
				. "' AND collection_user_id = '"
				. mysql_real_escape_string($_SESSION['user_name'])
				. "';";
			if(!$success = mysql_query($updateQuery))
				die("Unable to update collection description: " . $updateQuery);
		}

		//Get the previous attributes of the collection
		$queryResult = getAttributes($collectionName);
		for($i=0; $i < mysql_num_rows($queryResult); $i++)
		{
			$temp = mysql_fetch_array($queryResult);
			$oldAttributes[$i] = (string)$temp[0];
			$oldAttTypes[$i] = (string)$temp[1];
		}

		//Make changes -- beginning of enormous FOR loop
		//Second statement in the for loop explained: Take the count from the largest array :P
		for($c=0; $c < count(count($newAttributes) > count($oldAttributes) ? $newAttributes : $oldAttributes); $c++)
		{
			//Make changes only if the attributes are different...
			if($newAttributes[$c] != $oldAttributes[$c])
			{
				//If oldAttributes has a NULL value where newAttributes has something, there was an attribute added
				if($oldAttributes[$c] == NULL)
				{
					$alterAdd =
						 "ALTER TABLE "
						 . mysql_real_escape_string($collectionName)
						 . " ADD "
						 . mysql_real_escape_string($newAttributes[$c])
						 . " "
						 . mysql_real_escape_string($newAttTypes[$c])
						 . ";";
					if(!$success = mysql_query($alterAdd))
						die("Unable to update collection attributes: " . $alterAdd);
					
					$addAttribute =
						"INSERT INTO attribute (attribute_name, attribute_type, attribute_collection_name, attribute_user_id) VALUES ('"
						. mysql_real_escape_string($newAttributes[$c])
						. "','"
						. mysql_real_escape_string($newAttTypes[$c])
						. "','"
						. mysql_real_escape_string($collectionName)
						. "','"
						. mysql_real_escape_string($_SESSION['user_name'])
						. "');";
					if(!$success = mysql_query($addAttribute))
						die("Unable to update collection attributes: " . $addAttribute);
				}
				//If newAttributes has a NULL value where oldAttributes has something, an attribute was deleted
				else if($newAttributes[$c] == NULL)
				{
					$alterDrop =
						 "ALTER TABLE "
						 . mysql_real_escape_string($collectionName)
						 . " DROP "
						 . mysql_real_escape_string($oldAttributes[$c])
						 . ";";
					if(!$success = mysql_query($alterDrop))
						die("Unable to update collection attributes: " . $alterDrop);
						
					$dropAttribute =
						"DELETE FROM attribute WHERE attribute_collection_name = '"
						. mysql_real_escape_string($collectionName)
						. "' AND attribute_name = '"
						. mysql_real_escape_string($oldAttributes[$c])
						. "';";
					if(!$success = mysql_query($dropAttribute))
						die("Unable to update collection attributes: " . $dropAttribute);
				}
				//Otherwise there was an alteration on the attribute
				else
				{
					//ERROR CHECKING
					if($success = validateAttributes($newAttributes[$c]))
					{
						//Since disabled spinners are not part of POST data
						//Check to see if new attribute type is null for $c
						//If it is not NULL, use the new type
						if($newAttTypes[$c] != NULL)
						{
							$alterAttr = 
								"ALTER TABLE "
								. mysql_real_escape_string($collectionName)
								. " CHANGE "
								. mysql_real_escape_string($oldAttributes[$c])
								. " "
								. mysql_real_escape_string($newAttributes[$c])
								. " "
								. mysql_real_escape_string($newAttTypes[$c])
								. ";";
						}
						//otherwise, use the old type
						else
						{
							$alterAttr = 
								"ALTER TABLE "
								. mysql_real_escape_string($collectionName)
								. " CHANGE "
								. mysql_real_escape_string($oldAttributes[$c])
								. " "
								. mysql_real_escape_string($newAttributes[$c])
								. " "
								. mysql_real_escape_string($oldAttTypes[$c])
								. ";";
						}
						
						$updateAttr =
							"UPDATE attribute SET attribute_name = '"
							. mysql_real_escape_string($newAttributes[$c])
							. "' WHERE attribute_name = '"
							. mysql_real_escape_string($oldAttributes[$c])
							. "' AND attribute_collection_name = '"
							. mysql_real_escape_string($collectionName)
							. "';";
						
						//Or if they do.. don't do anything extra
						if(!$success = mysql_query($alterAttr))
							die("Unable to update collection attributes: " . $alterAttr);
							
						if(!$success = mysql_query($updateAttr))
							die("Unable to update collection attributes: " . $updateAttr);
					}
					//Display error if attribute name is bad
					else
					{
						header('Location: new_collection.php?edit=true&err=badattname&cname=' . $collectionName);
					}
				}
			}
		} //End of enormous FOR loop

		header('Location: index_secure.php');
	}
	elseif($result == -1)
	{
		header('Location: new_collection.php?edit=true&err=invalcolname&cname=' . $collectionName);
	}
	elseif($result == -2)
	{
		header('Location: new_collection.php?edit=true&err=invalattsname&cname=' . $collectionName);
	}
	elseif($result == -3)
	{
		header('Location: new_collection.php?edit=true&err=dupattsname&cname=' . $collectionName);
	}
	elseif($result == -4)
	{
		header('Location: new_collection.php?edit=true&err=nullatts&cname=' . $collectionName);
	}
	else
	{
		header('Location: new_collection.php?edit=true&err=unknown&cname=' . $collectionName);
	}
}
//If user does not own collection - access denied!
else
{
	unset($_SESSION['user_name']);
	header('Location: index.php?err=denied');
}
?>